In order to identify a Company or an Individual in the digital world there exist different types of cryptographic keys that permit, for example, the use of digital certificates emitted and authorized by enabled authorities such as Verisign, Thawtee and many others. These digital certificates enable their related user/owner to perform cryptographic signing and/or authentication operations on behalf of the owner/user of the certificate, in such a way that said owner/user may digitally represent him/herself or his/her company in a wide range of different types of electronic operations.
These electronic operations may comprise simple identity validation in non-critical business transactions, as e.g. for obtaining access to a website or to an intranet or any other corporative system, but, on the other hand, these electronic operations may comprise critical identity validation in privileged operations that can legally compromise the whole company. Thus, it seems to be very important for a company to have under control all or at least part of the cryptographic keys that may be used by the employees in the digital world. In big organizations, for example, thousands of certificates may be available for the employees.
Some known platforms allow performing cryptographic operations with digital certificates that are locally installed in end-user computers. But, such a dispersion of cryptographic keys makes it difficult to avoid and/or detect in a reasonable period of time wrong and/or malicious uses of some of said certificates, which, as commented before, may compromise the whole company.
Systems trying to avoid such an inexistent and/or deficient control of cryptographic keys are known, said systems being based on the principle of centrally storing and managing certificates. For example, in the URLs http://www.realsec.com/pdfProEn/CryptoSignServer-technical-information.pdf and http://www.realsec.com/pdfProEn/CryptosignServer.pdf, it is described a Realsec's hardware/software platform that provides a centralized secure repository of certificates, which ensures security on the processes of electronic signature and validation in computer systems-oriented services. This secure repository of certificates is a HSM (Hardware Security Module) with very high security capabilities.
This Realsec's system permits to an organization storing cryptographic keys remotely in a centralized way for better supervision, which overcomes the disadvantages derived from having the cryptographic keys of the company locally stored in end-user computers and, thus, dispersed into a plurality of end-user computers. Moreover, the Realsec's system offers very strong security functionalities based on the mentioned HSM for all the keys that remains in the system.
Nevertheless, the Realsec's system has the drawback of not having a good equilibrium between the provided centralized storing/management capabilities and the provided security capabilities. A company normally has different types of cryptographic keys with different levels of critical nature, so that the cost of maintaining the most critical keys in the Realsec's system may be justifiable, but the cost of maintaining less critical keys in the Realsec's system may not be reasonable at all. In other words, the Realsec's system may be functionally suitable for centralizing storage and management of all the certificates of the company, but, at the same time, may provide excessively strong security functionalities for some of the certificates, such as those having a low level of critical nature, in which case it may be unnecessarily expensive to keep and manage said less critical certificates in the Realsec's system.